Solved.
I was writing an original reply, using "I think I have something
conceptually wrong", when it hit my mind:
One of the components (the login/logout box) has this:
final EsscAuthSession sess = (EsscAuthSession)getSession();
and the onClick() was like
add( new Link("logoutLink") {
@Override public void onClick() {
sess.invalidate();
}
}
I.e. using the old request's session in onClick()'s request.
It's a bit leaky abstraction, as I got used not to think much about
requests, but in this case I had to realize.
So now it's
add( new Link("logoutLink") {
@Override public void onClick() {
getSession().invalidate();
}
}
Maybe it should be stressed in the wicket examples to call getSession()
to warn beginners.
Thanks for replies.
Ondra
On Thu, 2012-09-27 at 10:34 +0300, Martin Grigorov wrote:
> Hi,
>
> You need to use Session#invalidate() actually.
>
> #invalidate() schedules a call to #invalidateNow() at the end of the
> request cycle.
>
> By using #invalidateNow() you invalidate the current http session and
> right after this your app creates a new Session because it needs to
> finish the request cycle and the new one is what you see later. You
> can print the hashcodes to see whether I'm right.
>
> On Thu, Sep 27, 2012 at 9:04 AM, Ondrej Zizka <ozi...@redhat.com> wrote:
> > Hi,
> >
> > i am trying to implement a simple authentization.
> >
> > I've basically copied what's in the auth example #2 in wicket examples,
> > and have a Logout button:
> >
> > add( new Link("logoutLink") {
> > @Override public void onClick() {
> > sess.invalidateNow();
> > setResponsePage( HomePage.class );
> > }
> > }
> > .add( new Label("label", "Logout " +
> > sess.getUser().getName()) )
> >
> > Which, when clicked, is performed, but in the second request, the User
> > object, which set to null in my overriden signOut(), is back in my
> > session object. Not sure if the same obj, but the same values.
> >
> > What could be wrong?
> >
> > Thanks,
> > Ondra
>
>
>
